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Detailed Action 

1. In response to communication filed on 3/24/2007, Claims 1, 9, and 17 
were amended. Claims 7, 15, and 23 were cancelled. No claims were added. 

2. Applicant's arguments with respect to claims 1-6, 8-14, and 16-22, and 
24 have been considered but are moot in view of the new ground(s) of rejection. 

Information Disclosure Statement 

3. The information disclosure statement (IDS) submitted on 3/12/2007 was 
filed after the mailing date of the application on 8/22/2003. The submission is in 
compliance with the provisions of 37 CFR 1.97. Accordingly, the information 
disclosure statement has been considered by the examiner. 

Claim Rejections 35 U.S.C 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 

all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the 
prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall 
not be negatived by the manner in which the invention was made. 

5. Claims 1-6, 8-14, 16-22, and 24 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Elfering (WO 01/18631 Al, International Publication 
Date: March 15, 2001) in view of Shiu et al (GB 2386710A, Date of Filing: 
3/18/2002). 
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Claims 1, 9 and 17 ' 

Regarding Claims 1, 9 and 17, discloses a method, a computer-readable 
storage medium, and an apparatus utilizing the same functionalities. Shiu teaches 
a method, a computer-readable storage medium an apparatus for protecting an 
item of private information in a database, wherein the item of private information 
is used as a key, for retrieving data from the database comprising: 

a receiving mechanism configured to receive the item of private 
information (page 19, lines 26-30, wherein the email server submits an email 
message including conditions under which the message may be released to the 
control point, wherein the control point device proceeds to encrypt the email and 
to sign the access policy data, wherein the control point then returns an 
enveloped file to the e-mail server 900, Shiu); 

Shiu does not teach creating a hash of the item of private information at a 
database. 

On the other hand, Elfering teaches creating a hash of the item of private 
information at a database (page 1, line 29, wherein this reads over " generating a 
hashcode using a computational device for said unique identifier" , Elfering), 

Elfering does not teach creating the hash further comprises checking a 
column attribute for a column, which stores the item of private information, in the 
database to determine that " privacy" is enabled for the column and only upon 
privacy being enabled for the column, 
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On the other hand, Shiu teach wherein creating the hash further comprises 
checking a column attribute for a column, which stores the item of private 
information, in the database to determine that " privacy" is enabled for the 
column and only upon privacy being enabled for the column (page 8, lines 24-28, 
wherein a third party run service is used to authenticate and/or validate an 
access policy and to encrypt and decrypt a document, wherein a cryptographic 
specifically a private key to enforce both encryption and decryption and 
authentication an validation of the access policy; column 9, lines 4-27, wherein 
this reads over trust provider table which will validate authentication information 
against policy statements and will sign in a manner verifiable by the box that it 
has checked it and the device does however need to maintain a state with 
respect to its own identity that is to store it own digital certificate and public and 
private; and pagesl3-14, lines 25-32 and lines 1-11, wherein this reads over 
" wherein the devices receives an electronic document from a web server 
computer along with an associated access policy data corresponding to the 
electronic document and the device encrypts the document and wherein the web 
server computer entity can store the enveloped data file in the database, and any 
person attempting to access the database cannot read the documents since it is 
encrypted, and any person requesting access to the document including 
encryption must satisfy the criteria for the access policy described by the access 
policy data comprising the file, Shiu). 
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Shiu does not teach wherein storage mechanism configured to store the 
hash of the item of private information in the database. 

On the other hand, Elfering teaches a storage mechanism configured to 
store the hash of the item of private information in the database (page 10, lines 
34-35, wherein this reads over " patient data can then be stored in a database 
where this hash-coded value now identifies the patient, Elfering). 

It would have been obvious to one of the ordinary skill in the art at the 
time of applicant' s invention to create and store hash in at a database, as 
disclosed by Elfering, within Shiu system. 

A skilled artisan would have been motivated to do so for establishing an 
improved method for protecting a user identity/privacy as well as personal 
content from being accessed by an unknown user. 
Claims 2,10, and 18 : 

Regarding claims 2,10, and 18, the combination of Shiu in view of Elfering 
teaches wherein creating the hash can include creating at least one of a Secure 
Hash Algorithm- 1 and a Message-Digest Algorithm 5 (MD5) hash the hashing 
mechanism is configured to use SHA-1 or MD5 hashing functions (page 7-8, 
lines 29-30 and lines 3-6, Elfering). 
Claims 3,11, and 19 : 

Regarding claims 3,11, and 19, the combination of Shiu in view of Elfering 
teaches wherein the hashing mechanism is internal to the database and is 
transparent to an application, which manipulates the private information (page 12, 
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lines 8-20, wherein this reads over " a server is set up which separates patient 
data and medical patient data but links both data sources on the server through a 
unique ID generated on the server, wherein both data bases have different 
access/user rights and are only accessible through a COM object layer that 
control access to the database, wherein the patient database contains a unique 
patient ID that is generated from unique information associated solely with that 
patient, wherein the hash code algorithm generates a fixed bit number that 
identifies uniquely the patient, Elfering). 
Claims 4,12, and 20 : 

Regarding claims 4,12, and 20, the combination of Shiu in view of Elfering 
teaches a query mechanism configured to perform queries containing the private 
information, wherein the query mechanism is configured to: 

receive the item of private information (Refer to claim 1, wherein this 
limitation is substantially the same/or similar and therefore rejected under the 
same rationale, Shiu); 

create a hash (Refer to claim 1, wherein this limitation is substantially the 
same/or similar, Elfering); and 

query the database using the hash of the item of private information (page 
2, lines 10-11, wherein a means for querying the data on the server for 
instances of a hash code and data associated with it and receiving the results of 
said query and page 11, lines 26-30, wherein the database hold anonymous 
information about all patients, and if she selects any patient in the analysis the 
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system queries her local databases and tries to find the hashcode value from that 
patient in the local database and if found it means that this physician knows the 
patient and the site can retrieve the patients name etc from the local database 
and displays this instead of the hash value, Elfering). 

Claims 5,13, and 21} 

Regarding claims 5, 13, and 21, the combination of Shiu in view of Elfering 
teaches wherein the item of private information can include one of : 

a social security number; 

a driver's license number; 

a passport number; 

an email address; 

a person's name (page 5, lines 24-30, respectively and pages 11-12, lines 
32-37 and lines 1-3, Elfering); and 

a person's mother's maiden name. 
Claims 6, 14, and 22: 

Regarding claims 6,14, and 22, the combination of Shiu in view of Elfering 
teaches wherein the hashing mechanism can be further configured to combine 
multiple items of private information prior to creating the hash (page 11, lines 5- 
12, wherein this reads over " if anybody has to re-identify for a given patient he 
has to know what kinds of unique identifier string elements have been used and 

he has to have this information items from the patient, wherein for example in 
Germany one could and probably would use the insurance and member codes and 
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one would either need to have access to the smartcard or the patient would need 
to give the medical provider this information and also this information is available 
on medical claims forms, prescriptions, smartcards, etc, wherein one can now 
recalculate the hashcode for these items and search the database(s) for all items 
equaling this item, Elfering). 
Claims 8,16, and 24: 

The combination of Shiu in view of Elfering does not teach wherein the 
database is a Lightweight Directory Access Protocol (LDAP) database. 

On the other hand, Scheussler does teach wherein the database is a 
Lightweight Directory Access Protocol (LDAP) database (column 9, lines 28-30, 
wherein the server is configured to operate as a sever in accordance with the 
Light Weight Directory Access Protocol (LDAP), Scheussler). 

It would have been obvious to one of the ordinary skill in the art at the 
time of applicant' s invention to incorporate wherein the database is a 
Lightweight Directory Access Protocol database as disclosed by Scheussler 
within Shiu and Elfering system. 

A skilled artisan would have been motivated to do so for providing 
scalability and optimum performance within the database for allowing users to 
lookup/search queries. 
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Prior Art of Record 



(The prior art made of record and not relied upon is considered pertinent to 



applicant's disclosure). 



1. Scheussler et al 



(US Patent No. 6,366,950) 



2. Balogh 



(US Publication No. 2003/0084039) 



3. Robbins et al. 



(US Patent No. 7,062,650) 



4. Maples et al 



(US Patent No. 6,167,443) 



5. Elfering 



(WO/ 01/18631) 



6. Shiu et al 



(GB 2386710 A). 



Examiner Response to Arguments 

Applicant's arguments filed on 3/24/2006, with respect to the rejected 
claims in view of the cited references have been considered but are moot in view 
of applicant' s amended claims necessitate new ground(s) of rejection. 
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Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Helene R. Rose whose telephone 
number is (571) 272-0749. The examiner can normally be reached on 8:00am - 
4:30pm M-F. . 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner' s supervisor, Don Wong can be reached on (571) 272-1834. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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